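<?php
// Full open tag: the short "<?" form is only parsed when short_open_tag is enabled;
// with it disabled this file would be sent to the browser as plain text.
// The session is started first because the access check below reads $_SESSION.
session_start();
header('Content-type: text/html;charset=utf-8');
// require, not include: if the database bootstrap cannot be loaded the page must stop
// here instead of continuing without a connection. The code below uses
// $GLOBALS['mysqli_conn1'], presumably created by this file (it is not visible here).
require('../db_info.php');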

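// Access gate: only a logged-in manager may reach this page.
// empty() treats a missing key like a false flag, so an anonymous session
// is redirected without an undefined-index notice.
if (empty($_SESSION['manager_login']))
{
	// 302 instead of 301: a permanent redirect is cached by browsers and would keep
	// sending this URL to index.php even after the user has logged in.
	header("Location: index.php", true, 302);
	exit();
}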

/*
foreach ($_POST as $key => $value) { 
    $_POST[$key] = mysql_real_escape_string($value); 
}
*/

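// The order id is taken from the query string first and, failing that, from the
// posted form (the hidden order_id field). It is cast to int before any use, so the
// value placed into the SQL statements below is always numeric.
$order_id = isset($_GET['order_id']) ? (int)$_GET['order_id'] : 0;

if ($order_id <= 0)
{
	$order_id = isset($_POST['order_id']) ? (int)$_POST['order_id'] : 0;
}

// No usable id in either place (missing, non-numeric, zero or negative): stop.
if ($order_id <= 0)
{
	echo "error";
	exit();
}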

//UPDATE ORDERS

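if (isset($_POST['edit']))
{
	// Save handler: writes the submitted values to orders_history, then updates the
	// matching row in orders. Every request value is bound as a statement parameter;
	// nothing from $_POST or $_SESSION is concatenated into SQL text.
	// NOTE(review): no anti-CSRF token is checked on this POST.
	$db = $GLOBALS['mysqli_conn1'];
	$is_superviser = isset($_SESSION['superviser']) && $_SESSION['superviser']==1;
	$session_manager_id = isset($_SESSION['manager_id']) ? (int)$_SESSION['manager_id'] : 0;

	// Write authorization follows the read rule used further down this page: a manager
	// who is not a superviser may only touch an order assigned to him. Without this
	// check the write would happen before the ownership test on the select.
	if (!$is_superviser)
	{
		$stmt = $db->prepare("select order_id from orders where order_id=? and manager_id=?");
		if (!$stmt || !$stmt->bind_param('ii', $order_id, $session_manager_id) || !$stmt->execute())
		{
			// Details go to the server log only; the statement text is not sent to the browser.
			error_log('order edit: ownership check failed: '.$db->error);
			echo "error";
			exit();
		}
		$stmt->store_result();
		$is_owner = $stmt->num_rows > 0;
		$stmt->close();

		if (!$is_owner)
		{
			header("Location: index.php", true, 302);
			exit();
		}
	}

	// Editable text columns shared by both statements. The names are fixed here and
	// are never taken from the request.
	$fields = array(
		'tel1', 'manufacturerName', 'carName', 'carAge', 'drivers', 'skName',
		'alarmList', 'power', 'status', 'new_ring_date', 'comments', 'comments_value',
		'fio', 'orderType', 'korobka', 'kredit_bank', 'last_strax', 'ubitki', 'brak',
		'carPrice', 'realCost', 'city',
	);

	$values = array();
	foreach ($fields as $field)
	{
		// A missing or non-string (array) parameter is stored as an empty string.
		$values[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
	}

	// NOTE(review): create_time comes back from a hidden form field, so it is
	// client-controlled; reading it from the orders row would be more trustworthy.
	$create_time = (isset($_POST['create_time']) && is_string($_POST['create_time'])) ? $_POST['create_time'] : '';
	$now = time();

	// 1) History row: who saved what, and when.
	$cols = array_merge(array('parent_order_id', 'time'), $fields, array('manager_id', 'create_time'));
	$sql = "insert into orders_history(".implode(',', $cols).") values (".
		implode(',', array_fill(0, count($cols), '?')).")";

	// bind_param() takes its arguments by reference, hence the reference array.
	$args = array('ii'.str_repeat('s', count($fields)).'is', &$order_id, &$now);
	foreach ($fields as $field)
	{
		$args[] = &$values[$field];
	}
	$args[] = &$session_manager_id;
	$args[] = &$create_time;

	$stmt = $db->prepare($sql);
	if (!$stmt || !call_user_func_array(array($stmt, 'bind_param'), $args) || !$stmt->execute())
	{
		error_log('order edit: history insert failed: '.$db->error);
		echo "error";
		exit();
	}
	$stmt->close();

	// 2) The order itself.
	$set = array();
	$types = '';
	$args = array(0 => '');	// slot 0 receives the type string once it is complete
	foreach ($fields as $field)
	{
		$set[] = $field.'=?';
		$types .= 's';
		$args[] = &$values[$field];
	}

	// Reassigning an order is a superviser action: the form only offers the
	// manager_id select to supervisers, so the field is ignored for everyone else.
	if ($is_superviser && isset($_POST['manager_id']))
	{
		$new_manager_id = (int)$_POST['manager_id'];
		$set[] = 'manager_id=?';
		$types .= 'i';
		$args[] = &$new_manager_id;
	}

	$types .= 'i';
	$args[] = &$order_id;
	$args[0] = $types;

	$stmt = $db->prepare("update orders set ".implode(', ', $set)." where order_id=?");
	if (!$stmt || !call_user_func_array(array($stmt, 'bind_param'), $args) || !$stmt->execute())
	{
		error_log('order edit: order update failed: '.$db->error);
		echo "error";
		exit();
	}
	$stmt->close();

	$upd_rez="Изменения успешно сохранены!";
}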


//GET MANAGER_ROW
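// Load the row of the logged-in manager; the page header shows its login.
// The session id is cast to int so the statement can only ever contain a number.
$sql="select * from managers where id=".(isset($_SESSION['manager_id']) ? (int)$_SESSION['manager_id'] : 0)." ";
if(!$result = $GLOBALS['mysqli_conn1']->query($sql))
{
	// Failure details stay in the server log; the statement text is not shown to the client.
	error_log('order edit: manager lookup failed: '.$GLOBALS['mysqli_conn1']->error);
	echo "error";
	exit();
}

// No such manager (for example the account was removed while the session lived on).
if (mysqli_num_rows($result)==0)
{
	// 302: a 301 here would be cached by the browser as a permanent move.
	header ("Location: index.php",true,302);
	exit();
}

$manager_row=mysqli_fetch_array($result);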

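// Load the order being edited. A superviser may open any order; every other manager
// only an order whose manager_id equals his own session id. Both ids are integers
// by the time they reach the statement.
$sql="select * from orders where order_id=".(int)$order_id." ";
if (!(isset($_SESSION['superviser']) && $_SESSION['superviser']==1))
{
	$sql.="and manager_id=".(isset($_SESSION['manager_id']) ? (int)$_SESSION['manager_id'] : 0)." ";
}

if(!$result = $GLOBALS['mysqli_conn1']->query($sql))
{
	// Failure details stay in the server log; the statement text is not shown to the client.
	error_log('order edit: order lookup failed: '.$GLOBALS['mysqli_conn1']->error);
	echo "error";
	exit();
}

// Unknown order, or an order that belongs to someone else: same answer for both,
// so the response does not reveal which ids exist.
if (mysqli_num_rows($result)==0)
{
	// 302: a 301 would be cached, and the URL would keep redirecting even after the
	// order is assigned to this manager.
	header ("Location: index.php",true,302);
	exit();
}

$order_row=mysqli_fetch_array($result);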

// Display labels for the numeric order status, keyed by status code (1..7).
// The status <select> in the form below is built from this map.
$status_mas = array(
	1 => "Новая",
	2 => "Идет расчет",
	3 => "Перезвонить",
	4 => "Отказ",
	5 => "Неверный номер",
	6 => "Отправлено на реализацию",
	7 => "Оплачено",
);

//$status=$status_mas[$orders_row['status']];
?>

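<?php
// Page shell for the order edit form: document head, top menu, title line and table header.
// Values that come from the database are HTML-escaped where they are printed.
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php // charset matches the Content-type header sent at the top of this script; the two declarations used to disagree. ?>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>kz-pro.com - Менеджер</title>
    <link type="text/css" rel="stylesheet" href="style.css"/>
<?php
// Third-party assets are loaded over HTTPS so they cannot be altered in transit on an
// authenticated page.
// NOTE(review): jQuery 1.4 / jQuery UI 1.8 are long out of support; upgrade or drop them if unused.
?>
	<link href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css" rel="stylesheet" type="text/css"/>
	<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
	<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
    <!--[if lte IE 7]><link type="text/css" rel="stylesheet" href="ie.css" /><![endif]-->
</head>

<body>
    <div class="insidepage">
        <div id="page">
            <div id="header">
                <h1 class="logo"><a href="#" title="kz-pro.com - Партнерская программа автострахования">kz-pro.com - Менеджер</a></h1>
                <ul class="mainmenu">
                    <li class="active"><span><em>Главная</em></span></li>
                    <li class="logout"><span><a href="exit.php" title="Выход">Выход</a></span></li>
                </ul>
                <div class="userinfo">Вы вошли как, <a href="#" title="Wildcat"><?php echo htmlspecialchars((string)$manager_row['login'], ENT_QUOTES, 'UTF-8'); ?></a></div>

            </div>
            <div id="content">
 
                <div class="table_title">
                    <h3><span>Заявка</span> <?php
						echo htmlspecialchars((string)$order_row['order_id'], ENT_QUOTES, 'UTF-8');
						// $upd_rez is only set after a successful save; !empty() avoids a notice on a plain view.
						if (!empty($upd_rez)) echo ' - <font color="red">'.htmlspecialchars($upd_rez, ENT_QUOTES, 'UTF-8').'</font>';
					?></h3>
					<a href="lk.php">Вернуться на главную</a>
                    <br /><br />
                </div>
                <form method="post">
				<table >
                    <thead>
                        <tr>
                            <th align="left">Поле</th>
							<th align="left">Значение</th>
                        </tr>
                    </thead>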
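				<?php
					// Renders the rows of the order form from $order_row.
					// Order data is stored text (NOTE(review): presumably submitted through the
					// public site named in the "site" column — confirm), so every value is
					// HTML-escaped where it is written into the page.
					if (!function_exists('order_form_esc'))
					{
						// Escapes a value for HTML text and quoted-attribute context.
						// UTF-8 is the charset declared in this page's Content-type header.
						function order_form_esc($value)
						{
							return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
						}
					}

					echo '<tr><td>Сайт</td><td>'.order_form_esc($order_row['site']).'</td></tr>';
					echo '<tr><td>Id Заявки</td><td>'.order_form_esc($order_row['order_id']).'</td></tr>';

					// Only a superviser gets the control that reassigns the order.
					if (isset($_SESSION['superviser']) && $_SESSION['superviser'] == 1)
					{
						echo '<tr><td>Менеджер</td><td><select name="manager_id">';

						// An admin may pick any manager; other supervisers only non-admin ones.
						if(isset($_SESSION['admin']) && $_SESSION['admin'] == 1)
							$sql="select * from managers";
						else
							$sql="select * from managers where admin = 0";

						if(!$result = $GLOBALS['mysqli_conn1']->query($sql))
						{
							// Failure details stay in the server log, not in the page.
							error_log('order edit: manager list failed: '.$GLOBALS['mysqli_conn1']->error);
							echo "error";
							exit();
						}

						while($row=mysqli_fetch_array($result))
						{
							// Preselect the manager the order is currently assigned to.
							$dop = ($row['id']==$order_row['manager_id']) ? "selected" : '';

							echo '<option value="'.order_form_esc($row['id']).'" '.$dop.'>'.order_form_esc($row['fio']).'</option>';
						}

						echo '</select></td></tr>';
					}

					echo '<input type="hidden" name="create_time" value="'.order_form_esc($order_row['create_time']).'" />';
					echo '<tr><td>Город</td><td><input name="city" value="'.order_form_esc($order_row['city']).'" /></td></tr>';
					// create_time is passed to date() as a Unix timestamp, so it is cast to int first.
					echo '<tr><td>Дата</td><td>'.date('Y-m-d H:i',(int)$order_row['create_time']).'</td></tr>';
					echo '<tr><td>ФИО</td><td><input name="fio" value="'.order_form_esc($order_row['fio']).'" /></td></tr>';
					echo '<tr><td>Телефон</td><td><input name="tel1" value="'.order_form_esc($order_row['tel1']).'" /></td></tr>';

					if($order_row['hasInsurance'] == 1){
						echo '<tr><td>Есть страховка?</td><td>Да</td></tr>';
						echo '<tr><td>Cтраховка заканчивается:</td><td>'.order_form_esc($order_row['endInsurance']).'</td></tr>';
					} else if ($order_row['hasInsurance'] == 0) {
						echo '<tr><td>Есть страховка?</td><td>Нет</td></tr>';
					} else {
						echo '<tr><td>Есть страховка?</td><td>Неизвестно</td></tr>';
					}

					// Plain text inputs, in display order: column name => row label.
					$text_rows = array(
						'orderType'        => 'Вид страхования',
						'manufacturerName' => 'Марка',
						'carName'          => 'Модель',
						'carAge'           => 'Возраст авто',
						'carPrice'         => 'Стоимость авто',
						'drivers'          => 'Водители',
						'alarmList'        => 'Синализация',
						'power'            => 'Мощность и объем',
						'korobka'          => 'Коробка',
						'kredit_bank'      => 'В кредит? Банк',
						'last_strax'       => 'Предыдущая страховая',
						'ubitki'           => 'Были ли убытки',
						'brak'             => 'Состоит в браке?',
						'skName'           => 'Название траховой',
						'realCost'         => 'Стоимость страховки',
					);
					foreach ($text_rows as $field => $label)
					{
						echo '<tr><td>'.$label.'</td><td><input name="'.$field.'" value="'.order_form_esc($order_row[$field]).'" /></td></tr>';
					}

					echo '<tr><td>Статус</td><td><select name="status">';

					// One option per known status code; the order's current status is preselected.
					foreach ($status_mas as $i => $status_label)
					{
						$dop = ($i==$order_row['status']) ? "selected" : '';
						echo '<option value="'.$i.'" '.$dop.'>'.$status_label.'</option>';
					}

					echo '</select></td></tr>';
					echo '<tr><td>Дата следующего звонка</td><td><input name="new_ring_date" value="'.order_form_esc($order_row['new_ring_date']).'" />   (Формат yyyy-mm-dd hh:ii, пример 2011-01-28 16:00)</td></tr>';
					echo '<tr><td>Комментарии</td><td><textarea rows="5" cols="100" name="comments">'.order_form_esc($order_row['comments']).'</textarea></td></tr>';
					echo '<tr><td>Расчет по страховым</td><td><textarea rows="5" cols="100" name="comments_value">'.order_form_esc($order_row['comments_value']).'</textarea></td></tr>';

				?>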
				
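					<?php // The order id goes back with the form; the full open tag and the int cast keep this attribute value numeric even if short_open_tag is off or the row holds unexpected data. ?>
					<input type="hidden" name="order_id" value="<?php echo (int)$order_row['order_id']; ?>">
					<input type="submit" name="edit" value="Сохранить изменения">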
                </table>
				</form>
            </div>
        </div>
        <div id="footer_out"><div id="footer">Все права защищены компанией "Kz-pro"</div></div>
    </div>
</body>
</html>
